BlackHole Exploit Kit 2.0 Made Available, Price Remains the Same

The infamous BlackHole exploit kit has been upgraded to the 2.0 version. Its developers have noticed that security solutions have no problem in identifying the old variant as being malware, so they claim to have rewritten it from scratch.

As expected, BlackHole 2.0 comes with several improvements. First of all, they added a protection mechanism that prevents security firms from accessing the exploits, and in order to achieve this, dynamic URLs – which are valid for only a few seconds - are generated.

The new variant doesn’t rely on plugindetect to determine the Java version that’s installed, thus speeding up the malware download process. Old exploits that were causing browsers to crash and “scary visual effects” have been removed.

Furthermore, because the link to the malicious payload was easily identified by security software, BlackHole 2.0 comes with a feature that allows the customer to choose the link. The creators of the exploit kit claim that this way none of the commercial antivirus solutions is able to detect it.

Dynamic URLs are utilized everywhere, permanent variable names – which were easily detectable - not being used anymore.

A number of 16 improvements have also been made to the BlackHole’s administrator panel: it’s faster, statistics are easier to view, and mobile phones and Windows 8 have been added to allow customers to see precisely what types of devices are infected.

Finally, a number of “private tricks” have been implemented, which the author prefers to keep a secret because he fears that competitors and antivirus companies are “sneaking around.”

As far as the pricing goes, the developers are renting it to anyone for the amount of $500 (400 EUR) per month on their own servers. If the customer has his own server, the license is much cheaper: $700 (560 EUR) for three months, $1,000 (800 EUR) for six months, and $1,500 (1,200 EUR) for a whole year.

The cybercriminals even offer support on weekdays between 9AM and 7PM.